OSSで始めるセキュリティログ収集/oss-securitylog-builderscon2017

D405f3b9dc9fa223f6fa507717f41372?s=47 bungoume
August 05, 2017

 OSSで始めるセキュリティログ収集/oss-securitylog-builderscon2017

D405f3b9dc9fa223f6fa507717f41372?s=128

bungoume

August 05, 2017
Tweet

Transcript

  1. 10.

    10 audit log # systemctl start auditd # auditctl -a

    always,exit -F arch=b64 -S execve ls ͚ͩͰෳ਺ߦϩά͕ग़Δ ύʔε͠ʹ͍͘… /var/log/audit/audit.log
  2. 13.

    13 osquery 2017/8/3 ݱࡏ githubͷstar͸9501 Linux Security Tools (Top 100)

    *ͷ10൪໨ʹ঺հ * https://linuxsecurity.expert/security-tools/top-100/
  3. 29.

    29 ԿΛ؂ࢹର৅ʹ͢Δ͔(୺຤) ɾChrome, firefoxͷplugin ɾ֦ுػೳʹϚϧ΢ΣΞ͕ೖΔέʔε͕ۙ೥໰୊ʹ ɾhomebrew౳ϥΠϒϥϦͷҰཡ ɹɾ༗໊ॴͱࣅ໊ͨલͷϚϧ΢ΣΞ͕npmͰݟ͔ͭΔ HTTP Headers ͱ͍͏

    5ສਓ͕࢖͍ͬͯΔ Chrome ֦ுͷϚϧ΢ΣΞٙ࿭ http://blog.clock-up.jp/entry/2016/11/03/http-headers-malware npmjs.com Ͱஶ໊ιϑτ΢ΣΞʹΑ͘ࣅ໊ͨલͷϚϧ΢ΣΞ͕େྔʹൃݟ͞Εͨ http://gfx.hatenablog.com/entry/2017/08/02/131537